CN110737448A - firmware encryption system containing microcontroller and firmware protection and upgrade method thereof - Google Patents


Info

Publication number
CN110737448A
Authority
CN
China
Legal status
Granted
Application number
CN201811031615.5A
Other languages
Chinese (zh)
Other versions
CN110737448B (en)
Inventor
张杨
毛容伟
王炜
Current Assignee
Hangzhou Ruibijia Medical Technology Co Ltd
Original Assignee
Hangzhou Ruibijia Medical Technology Co Ltd
Events
Application filed by Hangzhou Ruibijia Medical Technology Co Ltd
Priority to CN201811031615.5A
Publication of CN110737448A
Application granted
Publication of CN110737448B
Legal status: Active


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/60 Software deployment
    • G06F8/65 Updates
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12 Protecting executable software
    • G06F21/121 Restricting unauthorised execution of programs
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00 Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02 Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]


Abstract

A firmware encryption system containing a microcontroller, and a firmware protection and upgrade method for it. The system comprises a central control system and a set of subsystems connected by a data line. The central control system and each subsystem contain a publicly released user application program and a system bootstrap program that is not released publicly. The central control system and the subsystems each carry out firmware verification within their own system and then firmware verification between the systems; only a system bootstrap program that has passed verification releases the key data of the user application program to a designated RAM area and continues to execute the user application program. The firmware verification information shared between the central control system and its subsystems is registered on a remote server and used to verify upgrades. Upgrades of the user application programs of the subsystems and of the central control system are carried out through the central control system, so key management is simple and firmware upgrades are performed automatically over the network, which avoids manual downloads and increases the security of the firmware system.

Description

firmware encryption system containing microcontroller and firmware protection and upgrade method thereof
Technical Field
The invention relates to firmware protection technology for instrument equipment, and in particular to a firmware encryption system containing a microcontroller and a firmware protection and upgrade method thereof.
Background
Technology develops rapidly, and to keep up with fast-changing markets, enterprises update their products quickly. Behind each product lies a large development investment, yet once a product enters the market the enterprise faces the risk that its design is copied directly by illegal merchants and its released firmware is stolen, so that pirated clone products appear quickly and the economic return of the developing company is seriously damaged.
Although the firmware of a control circuit board can be protected by preventing the firmware from leaving the company, it is not practical to require the user to go through a company service channel every time the firmware has to be handled: on the one hand this harms the user experience, and on the other it adds unnecessary operating expense for the company. Firmware encryption protection is therefore needed that, on the one hand, opens firmware upgrades to the user and, on the other, still protects the firmware so that it cannot be cloned onto a counterfeit product even if a lawbreaker obtains it.
Disclosure of Invention
In order to solve the above problems, the present invention provides a firmware encryption system including a microcontroller and a firmware protection and upgrade method thereof, which update the firmware automatically when the equipment is networked, give legitimate users the best experience, and at the same time effectively prevent the firmware from being used illegally on counterfeit products.
The firmware encryption system comprising a microcontroller comprises a central control system and a subsystem set connected through a data line, wherein the subsystem set comprises at least one subsystem;
the central control system comprises a publicly released user application program of the central control system and a system bootstrap program (BootLoader) of the central control system that is not released publicly, wherein the publicly released user application program of the central control system is encrypted before release, and during an upgrade is decrypted by the system bootstrap program of the central control system and replaces the original user application program;
each subsystem comprises a publicly released user application program of the subsystem and a system bootstrap program (BootLoader) of the subsystem that is not released publicly, wherein the publicly released user application program of the subsystem is encrypted before release, and during an upgrade is decrypted by the system bootstrap program of the central control system and transmitted to the subsystem through the data line;
the system boot program of the central control system comprises a firmware matching validity detection module, a module for establishing a data link with an external remote server, an encryption and decryption module, and a data exchange module for exchanging data with the subsystems;
the system boot program of each subsystem comprises a firmware matching validity detection module, an encryption and decryption module, and a data exchange module for exchanging data with the central control system;
the system boot programs of the central control system and of the subsystems each include a block of encrypted data, and the encrypted data comprise the key data necessary for detecting the validity of the firmware matching and for normal operation of the user application program;
the key data essential to normal operation of the user application program are released to a specified memory area only after the system boot program has passed the firmware validity detection;
the firmware matching validity detection comprises detecting whether the firmware matches the hardware and detecting whether the central control system matches the subsystem;
the user application program areas of the central control system and of its subsystems each comprise a version information area that records the version information of the user application program.
Further, the system boot program of the central control system includes the matching information required for detecting the validity of the firmware match, which comprises the hardware unique marker of the central control system, the version number of the system boot program of the central control system, and the hardware unique marker of every subsystem paired with it;
the matching information required for detecting the validity of the firmware match included in the system boot program of a subsystem comprises the hardware unique marker of the subsystem, the version number of the system boot program of the subsystem, and the hardware unique marker of the central control system matched with it.
Further, the key data are encrypted and written to the system boot area; the key used by the central control system for encryption corresponds to the version number of the system boot program of the central control system, and the key used by a subsystem corresponds to the version number of the system boot program of that subsystem; the encryption algorithm is a symmetric algorithm, and the key is part of the firmware program of the system boot program and is fixed when the system boot program leaves the factory.
The firmware protection and upgrade method for the firmware encryption system comprising a microcontroller is as follows:
a mutual association between the central control system and its subsystems is established when the firmware is burned in before the equipment leaves the factory, and the association information is registered on an external server; whenever the equipment is started thereafter, the central control system and its subsystems each carry out firmware matching validity detection within their own system and firmware matching validity detection between the systems;
the central control system and each subsystem comprise a system bootstrap program and a user application program, and the system bootstrap program of each decrypts the block of encrypted data stored in its system bootstrap program area to obtain the data required for matching detection and the key data indispensable for normal execution of the user application program;
before completing the firmware matching validity detection and jumping to the user application program, the central control system automatically connects to the external remote server. If the connection succeeds, the central control system sends its system information to the server; the server checks from the received information whether the system is registered and whether a new firmware program exists. If a new firmware program exists, the server packages the firmware program together with the hardware unique marker of the system it is intended for, encrypts the package, and sends it to the central control system. The central control system decrypts it with its preset key, extracts the hardware unique marker contained in the data packet, and looks up the corresponding system in its recorded matching information: if the update belongs to the central control system, the firmware program is written into the user application program area of the central control system; if it belongs to a subsystem, the decrypted firmware is transmitted to that subsystem through the data exchange module of the central control system for updating. The central control system then sends an instruction to the server requesting that the recorded information be updated;
after completing the matching verification during system startup, the central control system and its subsystems each write the key data into the designated memory area, jump to the user application program area and continue executing the user application program;
the key required for encryption on the remote server side corresponds to the version number of the system bootstrap program of the central control system; the server assigns a key to each version of the system bootstrap program of the central control system when it leaves the factory;
the memory area into which the key data are written is excluded from the range available to the compiler when the system boot program and the user application program are compiled, so that a running firmware program cannot overwrite that area and cause a program fault.
Further, the specific method for establishing the association between the central control system and the subsystems comprises:
when the system is started for the first time, the central control system and its subsystems exchange their hardware unique markers and the version numbers of their system bootstrap programs and establish the matching information; the central control system and its subsystems then each encrypt the matching information and store it in a designated safe region; while the information is being matched, the central control system connects to the external remote server and registers the hardware, and the matching information is recorded on the external remote server, wherein the information registered on the server comprises the hardware unique marker of the central control system, the version number of the user application program of the central control system, the hardware unique markers of all connected subsystems, the version numbers of the user application programs of the subsystems, and the version number of the system bootstrap program.
Further, the method of detecting the validity of the firmware match is as follows:
when the system is started, the central control system and each subsystem read their own hardware unique marker, then read the block of encrypted data stored in their system boot program area and decrypt it, and judge from the decrypted matching information and the hardware unique marker just read whether the firmware matches the system hardware; if the matching check of either the central control system or a subsystem fails, the program stops executing, and if both pass, the next matching check continues;
the subsystem sends its decrypted matching information to the central control system, and the central control system searches its own decrypted matching information for a matching record of that subsystem; if the corresponding matching information is found, the subsystem and the central control system are determined to match, the system is legitimate, and subsequent programs continue to execute.
Further, when checking for a firmware update the central control system sends its system information to the server. The system information comprises, in encrypted form, the hardware unique marker of the central control system, the version number of the system bootstrap program of the central control system, the version number of the user application program of the central control system, and the hardware unique markers and user application program version numbers of all connected subsystems, together with the version number of the system bootstrap program of the central control system sent in clear text; the remote external server selects the key according to the version number of the system bootstrap program received in clear text, and decrypts and extracts the system information.
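As an added example in C (not code from the patent or its assignee), the update packaging and routing described in the method above: the server encrypts the target's hardware unique marker together with the firmware image under the key assigned to the central bootloader version, and the central bootloader decrypts with its preset key, reads the marker, and either writes the image to its own user application area or forwards it to the matching subsystem through its data exchange module. All sizes, key values, markers, the packet layout and the XOR stand-in for the unspecified symmetric cipher are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical sizes and constructed sample values; the patent fixes none of them. */
#define HW_MARKER_LEN  8
#define MAX_IMAGE_LEN  64
#define MAX_SUBSYSTEMS 4

/* Placeholder standing in for the unspecified symmetric algorithm; an XOR keystream so the
 * example runs offline. NOT a secure cipher. */
static void xor_crypt(uint8_t *buf, size_t len, const uint8_t key[16]) {
    for (size_t i = 0; i < len; i++) buf[i] ^= key[i % 16] ^ (uint8_t)(i * 31);
}

/* Server-side key table: one key per central bootloader version, assigned at the factory. */
static const uint8_t server_keys[3][16] = {
    { 0 },                                                                                /* v0 unused */
    { 0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff,0x01 }, /* v1 */
    { 0xa5,0x5a,0xc3,0x3c,0x0f,0xf0,0x69,0x96,0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0 }, /* v2 */
};

/* Update packet: the bootloader version travels in clear text so the receiver can select the
 * key; the target's hardware unique marker and the firmware image are encrypted together. */
typedef struct {
    uint8_t  bl_version;
    uint16_t body_len;                               /* HW_MARKER_LEN + image length */
    uint8_t  body[HW_MARKER_LEN + MAX_IMAGE_LEN];    /* encrypted: marker || image */
} update_packet_t;

/* Server side: package and encrypt an image for the system identified by `target`. */
int server_build_packet(update_packet_t *pkt, uint8_t bl_version,
                        const uint8_t target[HW_MARKER_LEN],
                        const uint8_t *image, size_t image_len) {
    if (bl_version == 0 || bl_version >= 3 || image_len > MAX_IMAGE_LEN) return -1;
    pkt->bl_version = bl_version;
    pkt->body_len = (uint16_t)(HW_MARKER_LEN + image_len);
    memcpy(pkt->body, target, HW_MARKER_LEN);
    memcpy(pkt->body + HW_MARKER_LEN, image, image_len);
    xor_crypt(pkt->body, pkt->body_len, server_keys[bl_version]);
    return 0;
}

/* Central bootloader state: its preset key and version, its own marker, the markers of the
 * paired subsystems from its matching records, and stand-ins for the user application areas. */
typedef struct {
    uint8_t key[16];
    uint8_t bl_version;
    uint8_t own_marker[HW_MARKER_LEN];
    uint8_t sub_marker[MAX_SUBSYSTEMS][HW_MARKER_LEN];
    int     num_subs;
    uint8_t central_app[MAX_IMAGE_LEN];              /* area 210 stand-in */
    uint8_t sub_app[MAX_SUBSYSTEMS][MAX_IMAGE_LEN];  /* what the data exchange module forwards */
} central_t;

/* Central side: decrypt, read the marker, route. Returns 0 for the central's own area, n for
 * subsystem n (1-based), -1 when the packet is rejected and nothing is written. The patent text
 * names no integrity check; a real bootloader would authenticate the body before using it. */
int central_apply_packet(central_t *c, update_packet_t *pkt) {
    if (pkt->bl_version != c->bl_version) return -1;          /* built for another key */
    if (pkt->body_len < HW_MARKER_LEN || pkt->body_len > sizeof pkt->body) return -1;
    xor_crypt(pkt->body, pkt->body_len, c->key);              /* decrypt in place */
    const uint8_t *marker = pkt->body, *image = pkt->body + HW_MARKER_LEN;
    size_t image_len = pkt->body_len - HW_MARKER_LEN;
    if (memcmp(marker, c->own_marker, HW_MARKER_LEN) == 0) {
        memcpy(c->central_app, image, image_len);
        return 0;
    }
    for (int i = 0; i < c->num_subs; i++)
        if (memcmp(marker, c->sub_marker[i], HW_MARKER_LEN) == 0) {
            memcpy(c->sub_app[i], image, image_len);
            return i + 1;
        }
    return -1;   /* marker belongs to no paired system: drop it */
}

/* Constructed end-to-end scenarios: 0 = update for the central, 1 = update for subsystem B,
 * 2 = update addressed to an unpaired marker, 3 = packet built with the key of another
 * bootloader version. Returns the routing result, or -9 if routed but content mismatched. */
int run_update_scenario(int scenario) {
    static const uint8_t cm[HW_MARKER_LEN] = { 0xC0,1,2,3,4,5,6,7 }, sa[HW_MARKER_LEN] = { 0xA0,1,2,3,4,5,6,7 };
    static const uint8_t sb[HW_MARKER_LEN] = { 0xB0,1,2,3,4,5,6,7 }, xx[HW_MARKER_LEN] = { 0xEE,1,2,3,4,5,6,7 };
    static const uint8_t image[12] = "NEW-APP-1.2";
    central_t c = {0};
    memcpy(c.key, server_keys[1], 16); c.bl_version = 1;
    memcpy(c.own_marker, cm, HW_MARKER_LEN);
    memcpy(c.sub_marker[0], sa, HW_MARKER_LEN); memcpy(c.sub_marker[1], sb, HW_MARKER_LEN);
    c.num_subs = 2;
    const uint8_t *target = scenario == 1 ? sb : scenario == 2 ? xx : cm;  /* 0 and 3: central */
    uint8_t ver = scenario == 3 ? 2 : 1;                                   /* 3: wrong version */
    update_packet_t pkt;
    if (server_build_packet(&pkt, ver, target, image, sizeof image) != 0) return -8;
    int r = central_apply_packet(&c, &pkt);
    if (r == 0 && memcmp(c.central_app, image, sizeof image) != 0) return -9;
    if (r > 0 && memcmp(c.sub_app[r - 1], image, sizeof image) != 0) return -9;
    return r;
}
```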
Compared with the prior art, the firmware encryption system comprising a microcontroller and its firmware protection and upgrade method have the following advantages:
1. The subsystems and the central control system use a multi-layer protection mechanism: each must first pass the firmware verification within its own system, then the verification between subsystem and central control system, and only after verification by the remote server can the firmware program be upgraded.
2. The central control system downloads the update program automatically over the network, so the user never handles the firmware program directly and the opportunity for firmware leakage is reduced; the firmware program issued by the server is encrypted, so even an imitator who obtains it cannot use it.
3. The unique marker used in the hardware verification is encrypted before being stored in memory, which makes the hardware marker verification harder to defeat.
4. The user application program is decrypted in advance by the central controller when it is updated, program protection is achieved by encrypting only a very small amount of key data, and the firmware program decrypts only that key data each time, so the whole or most of the user application program does not have to be decrypted every time the program is executed, which greatly saves machine resources.
5. The decryption key corresponds to the version number of the system boot program of the central control system, so maintenance is simple and the firmware is protected by encryption.
Drawings
FIG. 1 is a system architecture diagram of a firmware encryption system incorporating a microcontroller.
FIG. 2 is a system framework diagram of a subsystem in a firmware encryption system including a microcontroller.
FIG. 3 is a system framework diagram of a central control system in a firmware encryption system including a microcontroller.
Detailed Description
As shown in FIG. 1, the firmware encryption system including a microcontroller according to the present invention includes a central control system and a subsystem set connected by a data line, where the subsystem set includes at least one subsystem; the subsystem set shown in FIG. 1 includes four subsystems A, B, C and D.
Further, the firmware of the central control system and of the subsystems is checked against matching check information stored in the respective systems, and if a mismatch is found, the system enters a halt state.
FIG. 2 is a system framework diagram of a subsystem. The firmware system of the subsystem comprises a system boot program (Bootloader) area that is not released publicly and a publicly released user application program. The system boot program (Bootloader) is the program executed first after the system is powered on; the most basic system boot program sets up the interrupt vectors and program entry of the firmware program and jumps to the user application program entry. The publicly released user application program is encrypted when it is released.
Further, the system boot program of the subsystem includes a program function area 100 and an encrypted data storage area 101. The system boot program function area 100 includes, but is not limited to, a firmware match validity check module, an encryption and decryption module, and a data exchange module for exchanging data with the central control system. The encrypted data storage area 101 contains the key data necessary for detecting the validity of the firmware match and for normal operation of the user application.
Further, the hardware unique marker stored in the encrypted area 101 is encrypted with a key corresponding to the version number of the system boot program, which is fixed at the time of factory shipment. Even if the hardware unique marker is obtained by other means and the memory is copied maliciously, the unique marker stored in the encrypted area is encrypted, so malicious tampering with the matching information can be prevented.
Further, the user application program area includes a program function area 110 and a version information area 111. The version information area 111 records the version number of the current firmware program, which is used to determine whether to update.
In some embodiments, the random access memory (RAM) of the subsystem comprises a normal RAM area 120 and a RAM area 121 for storing key data, as shown in FIG. 2. If the system boot program passes the matching verification, the key data are written into the key data area 121 of the RAM. The key data are the data necessary for correct execution of the user application program; typical examples are the entry address of a key function, execution parameters such as the calculation factor of some key data, and the assignment of some key global variable.
The firmware system of the central control system comprises a system boot program (bootloader) that is not released publicly and a publicly released user application program. The system boot program is the program executed first after the system is powered on; the most basic system boot program sets up the interrupt vectors and program entry of the firmware program and jumps to the firmware program entry.
Further, the system boot program of the central control system includes a program function area 200 and an encrypted data save area 201. The system boot program function area 200 includes, but is not limited to, a firmware match validity detection module, a module for establishing a data link with an external remote server, an encryption and decryption module, and a data exchange module for exchanging data with the subsystems. The encrypted data save area 201 includes, but is not limited to, the hardware unique marker of the central control system, the hardware unique marker of each subsystem paired with the central control system together with the version information of its system boot program, and the matching information with all subsystems.
The encrypted area 201 of the central control system contains the matching information records for the subsystems. As shown in FIG. 3, the central control system has established a connection relationship with four subsystems, and each matching information record comprises the hardware unique marker of the central control system, the hardware unique marker of the subsystem associated with it, the system boot version number of the subsystem, and the user application version number of the subsystem.
Further, the hardware unique marker stored in the encrypted data storage area 201 is encrypted with a key corresponding to the version number of the system boot program, which is fixed at the time of factory shipment. Even if the hardware unique marker is obtained by other means and the memory is copied maliciously, the unique marker stored in the encrypted area is encrypted, so malicious tampering with the matching information can be prevented.
Further, the user application area includes a program function area 210 and a version information area 211. The version information area 211 records the version number of the current user application, which is used to determine whether an update is required.
In some embodiments, as shown in FIG. 3, the random access memory (RAM) of the central control system includes a normal RAM area 220 and a RAM area 221 for storing critical data. If the system boot program passes the matching verification, the critical data are written into the critical data area 221 of the RAM. The critical data are the data essential for correct execution of the user application program 210; they may be the entry address of a critical function, or other execution parameters such as the calculation factor of some critical data or the assignment of some critical global variable.
In a preferred embodiment, the firmware encryption system including a microcontroller according to the present invention comprises a central control system and a subsystem set connected by a data line, wherein the subsystem set comprises a plurality of subsystems;
the central control system comprises a publicly released user application program of the central control system and a system bootstrap program (BootLoader) of the central control system that is not released publicly, wherein the publicly released user application program of the central control system is encrypted before release, and during an upgrade is decrypted by the system bootstrap program of the central control system and replaces the original user application program;
each subsystem comprises a publicly released user application program of the subsystem and a system bootstrap program (BootLoader) of the subsystem that is not released publicly, wherein the publicly released user application program of the subsystem is encrypted before release, and during an upgrade is decrypted by the system bootstrap program of the central control system and transmitted to the subsystem through the data line;
the system boot program of the central control system comprises a firmware matching validity detection module, a module for establishing a data link with an external remote server, an encryption and decryption module, and a data exchange module for exchanging data with the subsystems;
the system boot program of each subsystem comprises a firmware matching validity detection module, an encryption and decryption module, and a data exchange module for exchanging data with the central control system;
encrypted data areas 201 and 101 are included in the system boot programs of the central control system and of the subsystems respectively, and the encrypted data comprise the key data necessary for detecting the validity of the firmware matching and for normal operation of the user application program;
the key data essential to normal operation of the user application program are released to a specified memory area only after the system boot program has passed the firmware validity detection;
the firmware matching validity detection comprises detecting whether the firmware matches the hardware and detecting whether the central control system matches the subsystem;
the user application program areas of the central control system and of its subsystems include version information areas 211 and 111 respectively, which record the version information of the user application program.
Further, the system boot program of the central control system includes the matching information required for detecting the validity of the firmware match, which comprises the hardware unique marker of the central control system, the version number of the system boot program of the central control system, and the hardware unique marker of every subsystem paired with it;
the matching information required for detecting the validity of the firmware match included in the system boot program of a subsystem comprises the hardware unique marker of the subsystem, the version number of the system boot program of the subsystem, and the hardware unique marker of the central control system matched with it.
Further, the key data are encrypted and written to the system boot area; the key used by the central control system for encryption corresponds to the version number of the system boot program of the central control system, and the key used by a subsystem corresponds to the version number of the system boot program of that subsystem; the encryption algorithm is a symmetric algorithm, and the key is part of the firmware program of the system boot program and is fixed when the system boot program leaves the factory.
The firmware protection and upgrade method for the firmware encryption system comprising a microcontroller is as follows:
a mutual association between the central control system and its subsystems is established when the firmware is burned in before the equipment leaves the factory, and the association information is registered on an external server; whenever the equipment is started thereafter, the central control system and its subsystems each carry out firmware matching validity detection within their own system and firmware matching validity detection between the systems;
the central control system and each subsystem comprise a system bootstrap program and a user application program, and the system bootstrap programs of the central control system and of the subsystem decrypt the sections of encrypted data (201 and 101) stored in their system bootstrap program areas to obtain the data required for matching detection and the key data indispensable for normal execution of the user application program;
before completing the firmware matching validity detection and jumping to the user application program, the central control system automatically connects to the external remote server. If the connection succeeds, the central control system sends its system information to the server; the server checks from the received information whether the system is registered and whether a new firmware program exists. If a new firmware program exists, the server packages the firmware program together with the hardware unique marker of the system it is intended for, encrypts the package, and sends it to the central control system. The central control system decrypts it with its preset key, extracts the hardware unique marker contained in the data packet, and looks up the corresponding system in its recorded matching information: if the update belongs to the central control system, the firmware program is written into the user application program area of the central control system; if it belongs to a subsystem, the decrypted firmware is transmitted to that subsystem through the data exchange module of the central control system for updating. The central control system then sends an instruction to the server requesting that the recorded information be updated;
after completing the matching verification during system startup, the central control system and its subsystems each write the key data into the designated memory areas (221 and 121), jump to the user application program area and continue executing the user application program;
the key required for encryption on the remote server side corresponds to the version number of the system bootstrap program of the central control system; the server assigns a key to each version of the system bootstrap program of the central control system when it leaves the factory;
the memory area into which the key data are written is excluded from the range available to the compiler when the system boot program and the user application program are compiled, so that a running firmware program cannot overwrite that area and cause a program fault.
The user application programs of the central control system and its subsystems are updated automatically over the network, which prevents the user from handling the firmware program directly and reduces the possibility of the firmware program being cracked.
, the specific method for establishing the correlation between the central control system and the subsystems comprises:
the central control system and the subsystems thereof mutually transmit hardware unique markers of the system and the version number of a system bootstrap program when the system is started at th time, and establish matching information, then the central control system and the subsystems thereof respectively encrypt the matching information and respectively store the matching information in a designated safety region, the central control system connects an external remote server and registers hardware when information matching is carried out, and the matching information is recorded in the external remote server, wherein the information registered in the server comprises the hardware unique markers of the central control system, the version number of a user application program of the central control system, the hardware unique markers of all connected subsystems, the version number of the user application program of the subsystems and the version number of the system bootstrap program.
, the method for detecting the validity of the firmware matching specifically comprises the following steps:
the central control system and the subsystem respectively read the hardware unique marker of the system when the system is started, then respectively read blocks of encrypted data stored in a system boot program area and decrypt the encrypted data, judge whether the firmware and the system hardware are matched according to the decrypted matching information and the hardware unique marker read in real time, if the matching check of the central control system or the subsystem is not passed, the program stops executing, and if the matching check of the central control system and the subsystem is passed, the next step of matching check is continued ;
the subsystem sends the decrypted matching information to the central control system, the central control system searches whether the matching record of the subsystem exists in the decrypted matching information, if the corresponding matching information is found, the subsystem and the central control system are determined to be matched, the system is legal, and subsequent programs are continuously executed.
, the central control system sends the system information to the server when checking the firmware update, the system information includes the encrypted hardware unique marker of the central control system, the version number of the system boot program of the central control system, the version number of the user application program of the central control system, the hardware unique markers and the version number of the user application program of all the connected subsystems, and the version number of the system boot program of the central control system sent in the clear, and the remote external server determines the key according to the version number of the system boot program received in the clear, decrypts and extracts the system information.
Compared with the prior art, the firmware protection and upgrading method of the firmware encryption system containing the microcontroller only encrypts a small amount of key data (including the hardware unique marker) of the firmware, the decrypted software resource cost is quite low, the hardware unique marker is stored in a safe storage area after being encrypted, even if the key data is cracked violently, the hardware unique marker is also written into the storage area after being encrypted, and the decryption cannot be easily carried out, the firmware matching information is also stored in an external remote server, the firmware updating is controlled through the external server, the safety factor is increased, the updating program is automatically carried out through a network, the risk of firmware leakage is reduced, and a legal user can be ensured to obtain the latest firmware.
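As an added illustration, and not code from the patent or from the applicant, the following Go program models the two halves of the matching validity detection described above together with the association step and the update packaging and routing: each unit's matching record is kept encrypted under a key tied to its bootloader version, the in-system check compares the decrypted marker with the marker read from hardware, the between-systems check looks the subsystem's record up in the central control system's own records, and the server's update package carries the target's hardware unique marker so that the central control system can route it. Everything beyond what the page states is an assumption: AES-256-GCM as the symmetric algorithm, JSON as the record encoding, the placeholder key derivation in versionCipher, and the names MatchInfo, Device, Pair, SelfCheck, PairCheck, ServerPackage and RouteUpdate.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
)

// MatchInfo is the small block of key data the patent keeps encrypted in the
// boot program area: own hardware marker, bootloader version, paired markers.
type MatchInfo struct {
	HWMarker []byte
	BootVer  string
	Peers    [][]byte
}

// Device models a central control system or one of its subsystems.
type Device struct {
	HWMarker []byte // read from the silicon at every start-up
	BootVer  string
	BootArea []byte // encrypted MatchInfo, written at first start-up
}

// versionCipher stands in for the per-bootloader-version factory key. Constructed
// for this example: the key is derived from a placeholder string, whereas real
// keys are provisioned secrets. AES-256-GCM is an assumption (the page only says
// "symmetric"); an authenticated mode makes a tampered or wrong-key block fail.
func versionCipher(bootVer string) cipher.AEAD {
	key := sha256.Sum256([]byte("factory-key-placeholder|" + bootVer))
	block, _ := aes.NewCipher(key[:]) // 32-byte key: cannot fail
	a, _ := cipher.NewGCM(block)
	return a
}

// seal encrypts the JSON encoding of v with a random 12-byte nonce prepended;
// open reverses it, decoding the plaintext into v.
func seal(bootVer string, v interface{}) []byte {
	pt, _ := json.Marshal(v)
	nonce := make([]byte, 12)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return versionCipher(bootVer).Seal(nonce, nonce, pt, nil)
}

func open(bootVer string, ct []byte, v interface{}) error {
	if len(ct) < 12 {
		return errors.New("ciphertext too short")
	}
	pt, err := versionCipher(bootVer).Open(nil, ct[:12], ct[12:], nil)
	if err != nil {
		return err
	}
	return json.Unmarshal(pt, v)
}

// Pair is the first start-up step: the unit stores its peers' markers in its
// own boot area, encrypted under its own bootloader-version key.
func (d *Device) Pair(peers ...[]byte) {
	d.BootArea = seal(d.BootVer, MatchInfo{HWMarker: d.HWMarker, BootVer: d.BootVer, Peers: peers})
}

// SelfCheck is the in-system half of the validity detection: decrypt the
// boot-area block and compare its marker with the one read from hardware.
func (d *Device) SelfCheck() (MatchInfo, error) {
	var mi MatchInfo
	if err := open(d.BootVer, d.BootArea, &mi); err != nil {
		return mi, err
	}
	if !bytes.Equal(mi.HWMarker, d.HWMarker) {
		return mi, errors.New("firmware does not match this hardware")
	}
	return mi, nil
}

// PairCheck is the between-systems half: the subsystem sends its decrypted
// record and the central control system looks it up in its own records.
func PairCheck(central, sub MatchInfo) error {
	for _, p := range central.Peers {
		if bytes.Equal(p, sub.HWMarker) {
			return nil
		}
	}
	return errors.New("subsystem is not paired with this central control system")
}

// ServerPackage encrypts firmware plus its target's marker under the key for
// the central control system's bootloader version, which arrives in the clear.
func ServerPackage(centralBootVer string, target, fw []byte) []byte {
	return seal(centralBootVer, map[string][]byte{"target": target, "fw": fw})
}

// RouteUpdate runs on the central control system: decrypt with the preset key,
// extract the marker and return the paired unit that receives the firmware.
func RouteUpdate(central *Device, subs []*Device, pkg []byte) (*Device, []byte, error) {
	var u map[string][]byte
	if err := open(central.BootVer, pkg, &u); err != nil {
		return nil, nil, err
	}
	for _, d := range append([]*Device{central}, subs...) {
		if bytes.Equal(u["target"], d.HWMarker) {
			return d, u["fw"], nil
		}
	}
	return nil, nil, errors.New("update target is not a paired unit")
}
```

Three failure modes fall out of the model: a copy of a unit's firmware, boot area included, placed on a different board decrypts cleanly but fails SelfCheck because the marker in the record no longer matches the silicon; a subsystem with a valid record of its own but no entry in the central control system's Peers fails PairCheck; and a package sealed under the key of a different bootloader version, or modified in transit, is rejected by GCM before any marker is read. Since the per-version key is shared by every unit built with that bootloader version, it is the hardware unique marker rather than the key that binds a record or an update package to one specific unit.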
In light of the foregoing description of the preferred embodiment of the present invention, many modifications and variations will be apparent to those skilled in the art without departing from the spirit and scope of the invention. The technical scope of the present invention is not limited to the content of the specification, and must be determined according to the scope of the claims.

Claims (7)

1. A firmware encryption system containing a microcontroller, characterized by comprising a central control system and a set of subsystems connected by data lines;
the set of subsystems includes at least one subsystem;
the central control system comprises a publicly released user application program of the central control system and a non-publicly released system bootstrap program (BootLoader) of the central control system, wherein the publicly released user application program of the central control system is encrypted before release and, when upgraded, is decrypted by the system bootstrap program of the central control system and replaces the original user application program;
the subsystem comprises a publicly released user application program of the subsystem and a non-publicly released system bootstrap program (BootLoader) of the subsystem, wherein the publicly released user application program of the subsystem is encrypted before release and, during upgrading, is decrypted by the system bootstrap program of the central control system and transmitted to the subsystem through a data line;
the system boot program of the central control system comprises a firmware matching validity detection module, a module for establishing data link with an external remote server, an encryption and decryption module and a data exchange module for exchanging data with the subsystem;
the system boot program of the subsystem comprises a firmware matching validity detection module, an encryption and decryption module and a data exchange module for exchanging data with the central control system;
the system boot programs of the central control system and of the subsystems each include a block of encrypted data storage area, and the encrypted data comprises the key data necessary for detecting the validity of the firmware matching and for the normal operation of the user application program;
the key data essential to the normal operation of the user application program is released to a specified memory area after the system boot program passes the firmware validity detection;
the firmware matching validity detection comprises detecting whether the firmware is matched with the hardware and detecting whether the central control system is matched with the subsystem;
the user application program areas of the central control system and of its subsystems each comprise a version information area for recording the version information of the user application program.
2. The firmware encryption system including a microcontroller according to claim 1, wherein:
the matching information required for detecting the validity of the firmware matching, which is included in the system boot program of the central control system, comprises the hardware unique marker of the central control system, the version number of the system boot program of the central control system and the hardware unique marker of each subsystem matched with it;
the matching information required for detecting the validity of the firmware matching, which is included in the system boot program of the subsystem, comprises the hardware unique marker of the subsystem, the version number of the system boot program of the subsystem, and the hardware unique marker of the central control system matched with it.
3. The firmware encryption system including a microcontroller according to claim 1, wherein:
the key data is encrypted and written into a system boot area;
the key used by the central control system for encryption corresponds to the version number of the system boot program of the central control system;
the encryption key of the subsystem corresponds to the version number of the system boot program of the subsystem;
the encryption algorithm is a symmetric algorithm;
the key is part of the firmware program of the system boot program and is determined at the time of factory shipment.
4. A firmware protection and upgrade method for a firmware encryption system containing a microcontroller, characterized in that:
the method comprises the following specific steps:
establishing a mutual association between a central control system and its subsystems when the firmware is burned before the equipment leaves the factory, registering the association information in an external server, and, each time the equipment is started thereafter, having the central control system and its subsystems each carry out firmware matching validity detection within the system and firmware matching validity detection between the systems;
the central control system and the subsystem each comprise a system bootstrap program and a user application program, and the system bootstrap programs of the central control system and of the subsystem each decrypt the encrypted data stored in their system bootstrap program area to obtain the data required for the matching detection and the key data indispensable for normal execution of the user application program;
the central control system automatically connects to an external remote server before completing the firmware matching validity detection and jumping to the user application program. If the server is reached, the central control system sends its system information to the server; the server checks from the received information whether the system is registered and whether a new firmware program exists. If a new firmware program exists, the server packages the firmware program together with the hardware unique marker of the system it belongs to, encrypts the package and sends it to the central control system. The central control system decrypts the package with a preset key, extracts the hardware unique marker contained in the data packet from the firmware program and finds the corresponding system from the recorded matching information: if the update belongs to the central control system, it is written into the user application program area of the central control system; if the update belongs to a subsystem, the decrypted firmware is transmitted to that subsystem through the data exchange module of the central control system for updating. The central control system then sends an instruction to the server to update the recorded information;
after completing the matching verification during system start-up, the central control system and its subsystems each write the key data into the designated memory area, jump to the user application program area and continue executing the user application program;
the key required for encryption on the remote server side corresponds to the version number of the system bootstrap program of the central control system; the server assigns a key to each version of the system bootstrap program of the central control system when the equipment leaves the factory;
the memory area into which the key data is written is excluded from the available range when the system boot program and the user application program are compiled, so that a firmware program cannot overwrite this area during execution and cause a program fault.
5. The firmware protection and upgrade method of a firmware encryption system including a microcontroller according to claim 4, wherein:
the specific method for establishing the association between the central control system and the subsystems comprises the following steps:
when the system is started for the first time, the central control system and its subsystems exchange their hardware unique markers and the version numbers of their system bootstrap programs and establish matching information; the central control system and its subsystems then each encrypt the matching information and store it in a designated secure region. While the information matching is carried out, the central control system connects to the external remote server and registers the hardware, and the matching information is recorded in the external remote server. The information registered in the server comprises the hardware unique marker of the central control system, the version number of the user application program of the central control system, the hardware unique markers of all connected subsystems, the version numbers of the subsystems' user application programs and the version number of the system bootstrap program.
6. The firmware protection and upgrade method of a firmware encryption system including a microcontroller according to claim 4, wherein the method for detecting the validity of the firmware matching comprises the following steps:
when the system is started, the central control system and the subsystem each read their own hardware unique marker, then each read the block of encrypted data stored in their system boot program area and decrypt it, and judge from the decrypted matching information and the hardware unique marker just read whether the firmware matches the system hardware. If the matching check of either the central control system or the subsystem fails, program execution stops; if the matching checks of both the central control system and the subsystem pass, the next matching check continues;
the subsystem sends its decrypted matching information to the central control system, and the central control system searches its own decrypted matching information for a matching record of that subsystem. If the corresponding matching information is found, the subsystem and the central control system are determined to match, the system is legitimate, and the subsequent programs continue to execute.
7. The firmware protection and upgrade method of a firmware encryption system including a microcontroller according to claim 4, wherein:
the central control system sends its system information to the server when checking for a firmware update, wherein the system information comprises, in encrypted form, the hardware unique marker of the central control system, the version number of the system bootstrap program of the central control system, the version number of the user application program of the central control system, and the hardware unique markers and user application program version numbers of all subsystems connected to the central control system, together with the version number of the system bootstrap program of the central control system sent in clear text;
and the remote external server determines the secret key from the version number of the system bootstrap program received in plaintext, then decrypts and extracts the system information.
CN201811031615.5A 2018-09-05 2018-09-05 Firmware encryption system comprising microcontroller and firmware protection and upgrading method thereof Active CN110737448B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811031615.5A CN110737448B (en) 2018-09-05 2018-09-05 Firmware encryption system comprising microcontroller and firmware protection and upgrading method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811031615.5A CN110737448B (en) 2018-09-05 2018-09-05 Firmware encryption system comprising microcontroller and firmware protection and upgrading method thereof

Publications (2)

Publication Number Publication Date
CN110737448A true CN110737448A (en) 2020-01-31
CN110737448B CN110737448B (en) 2023-08-11

Family

ID=69236609

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811031615.5A Active CN110737448B (en) 2018-09-05 2018-09-05 Firmware encryption system comprising microcontroller and firmware protection and upgrading method thereof

Country Status (1)

Country Link
CN (1) CN110737448B (en)

Citations (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001045414A2 (en) * 1999-12-15 2001-06-21 Conexant Systems, Inc. System of and method for secure firmware update and loading of cable modem
CA2530107A1 (en) * 2001-05-10 2002-11-10 Ranco Incorporated Of Delaware System and method for securely upgrading firmware
US20020188934A1 (en) * 2001-06-12 2002-12-12 Nortel Networks Limited Method and system for upgrading existing firmware on third party hardware
US20080229114A1 (en) * 2007-03-15 2008-09-18 Ricoh Company, Ltd. Information processing apparatus, software update method, and image processing apparatus
JP2009230399A (en) * 2008-03-21 2009-10-08 Fuji Xerox Co Ltd Firmware update system and firmware update program
US20130111455A1 (en) * 2010-08-27 2013-05-02 Huawei Device Co., Ltd. Method for processing firmware based on firmware over the air technology, apparatus, and system
CN103207800A (en) * 2013-04-24 2013-07-17 厦门亿联网络技术股份有限公司 Method for safely and flexibly upgrading firmware
CN103942075A (en) * 2014-04-09 2014-07-23 苏州汇川技术有限公司 System and method for programming elevator controller firmware
US20140208114A1 (en) * 2013-01-18 2014-07-24 Neopost Technologies System and method for massive controlled and secured update of devices firmware
CN105608345A (en) * 2015-12-21 2016-05-25 上海华测导航技术股份有限公司 Stm32 boot program encryption method
US20160306977A1 (en) * 2014-12-22 2016-10-20 Capital One Services, LLC. System and methods for secure firmware validation
WO2017013134A1 (en) * 2015-07-23 2017-01-26 Phoenix Contact Gmbh & Co.Kg Method and system for firmware-updating a control device for process control
CN107395389A (en) * 2017-03-28 2017-11-24 厦门亚锝电子科技有限公司 A light modulator firmware upgrade method based on a Bluetooth Mesh network
WO2018138789A1 (en) * 2017-01-25 2018-08-02 Mitsubishi Electric Corporation Built-in device and firmware update method

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
LINKSAFE2014: "Analysis of MCU encryption technology (part 2)" *
云利军;孙鹤旭;雷兆明;王炜;: "Research on a networked motion controller based on SynqNet", no. 02 *
方兵兵;闻路红;: "Remote firmware upgrade of embedded devices based on TFTP and AES", no. 02 *

Also Published As

Publication number Publication date
CN110737448B (en) 2023-08-11

Similar Documents

Publication Publication Date Title
US10915633B2 (en) Method and apparatus for device security verification utilizing a virtual trusted computing base
JP4906854B2 (en) Information processing apparatus, information recording apparatus, information processing system, program update method, program, and integrated circuit
EP1907917B1 (en) Secure software updates
US8660964B2 (en) Secure device licensing
KR101265099B1 (en) A Method For Software Security Treatment And A Storage Medium
US20030196096A1 (en) Microcode patch authentication
US20140059679A1 (en) Software updating apparatus, software updating system, invalidation method, and invalidation program
US20070217614A1 (en) Program update method and server
CN101308538B (en) Method and apparatus for checking integrity of firmware
US9225692B2 (en) Method and system for protected transmission of files
US8745735B2 (en) Monitoring system, program-executing device, monitoring program, recording medium and integrated circuit
US20130339734A1 (en) Secure Method and System for Remote Field Upgrade of Power Device Firmware
CN106384042A (en) Electronic device and security system
US20080114685A1 (en) System and method for preventing unauthorized installation of a software program
US11544354B2 (en) System for secure provisioning and enforcement of system-on-chip (SOC) features
CN101305377A (en) Communication terminal device, server terminal device, and communication system using the same
CN1988437A (en) System and method for managing credible calculating platform key authorization data
KR101711024B1 (en) Method for accessing temper-proof device and apparatus enabling of the method
CN105100030B (en) Access control method, system and device
KR101226615B1 (en) A Device For Software Obfuscation And A System For Software Security Treatment
CN110737448A (en) firmware encryption system containing microcontroller and firmware protection and upgrade method thereof
EP3123384B1 (en) Protecting an item of software
KR101906484B1 (en) Method for application security and system for executing the method
CN114221769B (en) Method and device for controlling software authorization permission based on container
CN116781359B (en) Portal security design method using network isolation and cryptograph

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant